CVE-2017-1000402

Improper Input Validation in maven/org.jenkins-ci.plugins/swarm-client

Identifiers

GHSA-pj45-8vhc-mh2f, CVE-2017-1000402

Package Slug

maven/org.jenkins-ci.plugins/swarm-client

Vulnerability

Improper Input Validation

Description

Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.

Affected Versions

All versions up to 3.4

Solution

Upgrade to version 3.5 or above.

Last Modified

2022-11-23

source